Can't get Laird RG1xx Basics Station Forwarder working with TTN

I need help getting the Semtech Basics Station Forwarder of the Laird RG186 Gateway working with TTN.

This is my 5th Laird gateway, we use them at our company. Laird removed the TTN forwarder that we were using from the firmware of the gateway.
See thread at Laird Sentrius RG1xx Firmware Update.

Thus, I want to get all of our gateways running with the Basics Station forwarder.

I have used this manual from Laird, but I cant get the Gateway to connect to TTN using the Basics Station forwarder.

The manual uses LNS server wss://
And a Server Certificate Only.

I have tried the certificate from the Laird manual and those mentioned on TTN , at

But with no result. I cant connect to TTN using the Basics Station forwarder.
What am I missing?

My Firmware version is: Laird Linux gatwick-laird-

The logging from the WEB-UI of the gateway shows (followed by more retries):

RG1xx297A94 lora user.notice Jan 13 20:26:21 2021-01-13 20:26:21.583 [TCE:INFO] INFOS reconnect backoff 10s (retry 1)
RG1xx297A94 lora user.notice Jan 13 20:26:21 2021-01-13 20:26:21.582 [AIO:DEBU] [5] WS connection shutdown…
RG1xx297A94 lora user.notice Jan 13 20:26:21 2021-01-13 20:26:21.567 [AIO:XDEB] [5] ws_connecting state=1
RG1xx297A94 lora user.notice Jan 13 20:26:21 2021-01-13 20:26:21.540 [TCE:INFO] Connecting to INFOS: wss://
RG1xx297A94 lora user.notice Jan 13 20:26:21 2021-01-13 20:26:21.539 [AIO:XDEB] [5] ws_connecting state=1
RG1xx297A94 lora user.notice Jan 13 20:26:21 key usage : Digital Signature, Key Cert Sign,
RG1xx297A94 lora user.notice Jan 13 20:26:21 basic constraints : CA=true, max_pathlen=0
RG1xx297A94 lora user.notice Jan 13 20:26:21 RSA key size : 2048 bits
RG1xx297A94 lora user.notice Jan 13 20:26:21 signed using : RSA with SHA-256
RG1xx297A94 lora user.notice Jan 13 20:26:21 expires on : 2021-03-17 16:40:46
RG1xx297A94 lora user.notice Jan 13 20:26:21 issued on : 2016-03-17 16:40:46
RG1xx297A94 lora user.notice Jan 13 20:26:21 subject name : C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
RG1xx297A94 lora user.notice Jan 13 20:26:21 issuer name : O=Digital Signature Trust Co., CN=DST Root CA X3

Hi @jvbelle, you may be able to extract some support out of Laird? It took a while last time for my downgrade advice but I did get some.

Improving that log to include more information is otherwise a bit of a priority. Under the old (TTN forwarder) firmware level it was as per this image. Hopefully it’s still somewhere close to that?


Hello @jvbelle, I am having the same issue. I have yet to hear back from Laird.

TTN just posted a video showing how to do this, kind of… He does not show what certs to add…


After selecting the Basics Station forwarder, the whole ‘advanced’ menu dissapears. Setting the debug level is impossible… (thanks for the picture)

I will try (as workaround) to select another forwarder, set de debug level and then select the Basics Station forwarder again to see if the setting carries over…

I’m very interested what Laird has to say about this. Please keep me posted.

@benolayinka could we please get more information on how you setup the Laird RG1xx in your recent video with Basic Station?

Thank you!

I don’t think the video is meant for explaining the configuration of Basics Station on the RG1xx. Its just a general review of several available LoraWAN gateways, which shows also the configuration (web) interface for each gateway.

Very confusing in the video is the ‘show the configuration’ part, which shows a configuration being entered for a CUPS server. While actually you should be configuring an LNS server according to the documenation of Laird, see Application Note - Setting Up Basics Station on TTN | Laird Connectivity.

Allas… both dont work for me… So I’m still looking for a solution.

Hello @jakymiwm and @jvbelle ! We have instructions in our documentation for connecting the RG1xx with Basic Station → Laird Sentrius™ RG1xx LoRaWAN Gateway | The Things Stack for LoRaWAN

You should be using CUPS, as CUPS automatically configures LNS and allows for any future credentials updates to be propagated automatically to your gateway.

To configure CUPS, you also need to use the CLI to provide the Stack with your LNS key, so it can send that to the gateway when it connects. We’re working to simplify this process, but for now the instructions are all in the CUPS documentation → Configuration and Update Server (CUPS) | The Things Stack for LoRaWAN

You’ll also need to use the DST Root X3 certificate as this gateway doesn’t support concatenated .pem files → Root Certificates | The Things Stack for LoRaWAN

EDIT: Sorry, I didn’t see that you were trying to connect to The Things Network V2. You should indeed use LNS, with the DST Root X3 certificate.

We also recommend that you upgrade to The Things Network V3, which we just released at the conference. Your existing login credentials should already be migrated, login using The Things ID and your existing username and password →

Keep in mind your applications need migration to V3 as well if you migrate the gateway to V3.

Hi, Thanks for replying. I was just typing… I’m indeed using TTN (and not TTI), thus via . And for configuration my gateways on the TTN side I use These still use the V2 version of the stack, like you state at the end of the message :wink:

I also see your statement regarding upgrading to the TTN V3 stack, I’ll try that using the documentation at: The Things Network upgrade to V3

(and of course watch the opening keynote :))

I hope the documentation on TTN will also be updated soon (which I can understand takes a while on the community driven TTN)

Thanks! I’ll let you the results after taking some time for adapting to the changes.

Mmm I’m now in the ‘forest’ of documentation that should lead me to a working Gateway.

At Configuration and Update Server (CUPS) | The Things Stack for LoRaWAN, chapter " Configure CUPS to Send the LNS API Key" it is pointed out that I should use the command line interface of TTN V3 to “We need to configure CUPS in The Things Stack to transmit the LNS API key when a gateway connects…” Why is this not supported in the web interface? For ‘normal’ users it takes a lot of hassle to get things done in this way… Still want to be a happy user ofcourse, But the documentation in this form is way to difficult for average users who just want to add there gateway to the community network. If we want to build a community network, things should be simpler imho.

btw the documentation at Configuration and Update Server (CUPS) | The Things Stack for LoRaWAN uses steps that can be only completed fom a linux command line, like:

$ export GTW_ID="your-gateway-id"
$ export LNS_KEY="your-lns-api-key"
$ export SECRET=$(echo -n $LNS_KEY | xxd -ps -u -c 8192)
$ ttn-lw-cli gateways update $GTW_ID --lbs-lns-secret.value $SECRET

The export command does not exist in windows. Nor does the xxd command that is uses after the pipe.
So im trying in my mingw environment now… (for average users… not very doable).

I’m getting error: error:cmd/ttn-lw-cli/commands:unauthenticated (not authenticated with either API key or OAuth access token)
at this step.

So i tried “$ttn-lw-cli.exe login” (both in mingw as in windows cmd shell) to log in/get the oath token. my browser opened when running the command but it cant connect to the said url at localhost.
Thus I’m stuck at the moment.

In the ‘old’ situation (TTN) I could manage everything from the web UI of the TTN console. Which was much more user friendly.


Hello @benolayinka, you mentioned one should

[…] use the DST Root X3 certificate as this gateway doesn’t support concatenated .pem files

But that works for a custom deployment of the stack right? How to connect the gateway to TTS v3 Cloud (community)?

I tested even extracting the The Things Industries Root CA from ca.pem but it doesn’t seem to work. Maybe I’m missing something ?

I need a FQDN and a server running The Things Stack?

I just want to add my Laird to the network.

I am trying the same, but on a Linux machine.

I configured manually the .ttn-lw-cli.yml file.

I had error initialli because I thought that oauth-server-address was using port 8887, but instead is on 443.

configuration file:
oauth-server-address: ‘
identity-server-grpc-address: ‘’
gateway-server-grpc-address: ‘’
network-server-grpc-address: ‘’
application-server-grpc-address: ‘’
join-server-grpc-address: ‘’
device-claiming-server-grpc-address: ‘’
device-template-converter-grpc-address: ‘’
qr-code-generator-grpc-address: ‘’

One has to login before command
ttn-lw-cli gateways update $GTW_ID --lbs-lns-secret.value $SECRET"
I opened manually the browser with address on terminal since it didn’t arrive to open.
I got the json answer with lbs_lns_secret key_id f.

Had yet to finish, since have other things to do now.

1 Like


I think I got it working. I am still having this issue below:

Drop uplink message - Host cluster failed to handle message: No device matches uplink

Try this!

Add the Gateway to the console:

Per: Adding Gateways | The Things Stack for LoRaWAN


Create CUPS API key for your gateway with the following rights:

  • View gateway information

  • Edit basic gateway settings

  • Retrieve secrets associated with a gateway

Create LNS API Key with the following rights:

  • Link as Gateway to a Gateway Server for traffic exchange, i.e. write uplink and read downlink

Create the CUPS Key (I did this on a Raspberry Pi)

$ export CUPS_KEY="your-cups-api-key"
$ echo "Authorization: Bearer $CUPS_KEY" | perl -p -e 's/\r\n|\n|\r/\r\n/g'  > cups.key

Create the LNS Key

$ export LNS_KEY="your-lns-api-key"
$ echo "Authorization: Bearer $LNS_KEY" | perl -p -e 's/\r\n|\n|\r/\r\n/g'  > lns.key

Setup Laird (I am using, I think would work as well.)

Semtech Basic Station

CUPS Server Address:

LNS Server Address:

  • wss://

CUPS and LNS Server Cert:


  • Generated above


  • Generated above

Thanks! I did something like this before, going to see where i did different.

Yep, you are 100% right, and we are adding this as soon as we can.

ttn-lw-cli login shouldn’t connect to localhost - you need to configure it to use TTN v3. Do ttn-lw-cli use the CLI | The Things Stack for LoRaWAN

Once you’ve got that, you’ll be able to use it to add the LNS key. Again, really sorry that this is still a CLI only command, we’re building this in to the console now.


Your gateway is working! This means that it received a packet for a device that is not registered in TTN or your own deployment.

1 Like

Thanks @benolayinka for the tips, I’ve got my RG191 across from v2 to v3 (in AU) with basic station forwarding - the instructions above with CUPS were helpful for me. Its mostly working, although I note a few issues on device joins via this gateway using v3 stack which I did not have when I was using v2 - a little unreliable and takes my device a few attempts to join the network, so I need to troubleshoot this issue separately. But I don’t intend to go back to v2 given it will become read-only shortly.
Just a hint to those having issues with not having linux. I installed the windows binaries for the CLI support and then used GIT BASH shell to give me xxd etc. It worked well, hope this information helps someone else trying to get their gateway going with CUPS.

1 Like

It’s possible to get it working only using LNS, which is easier if maybe a little less stable in the O(5 years) timeframe.

I followed the instructions in the Laird App Note here. There’s a bug in the instructions though, and then another bug which compounds it:

It says

For Unix based OS - “\r” must be added to end of key for proper line endings

but then gives the command
Echo -e "Authorization: Bearer NNSXS.xxxxx\n">tc.key

Which is wrong. Do what it says, not what it did. The correct command is:
echo -e "Authorization: Bearer NNSXS.xxxxx\r">tc.key

The second bug is that if you upload a key file with the same name it doesn’t seem to stick – rename it to tc2.key and upload it and it’ll be fine. And it’ll go to the configured band plan and not the one hardcoded on the device (important for RG191s sold into other countries prior to this hard-setting and country-specific versioning).

If you do this key file incorrectly there is an error in the log (bottom lines, turn on auto-updating) saying the key file is in the wrong format but it wasn’t updating the first time I uploaded everything (and in fact locked itself into online state but didn’t do anything). Rebooting helped.